Network Security, Third-party code, DevSecOps

Malicious repositories proliferate in Docker Hub

The Docker website is displayed on a computer.

More than three million of 4.79 imageless repositories uploaded to Docker Hub over the past five years have been leveraged to target the container registry's users in three separate malicious campaigns, reports The Hacker News.

Over a million repositories have been created between the first half of 2021 and September 2023 to support the Downloader campaign, which involved the use of links promoting cracked software and video game cheats that redirect to a malicious payload, while users' financial details have been sought by the eBook phishing campaign, which included repositories published in mid-2021, a report from JFrog revealed.

On the other hand, thousands of repositories established between April 2021 and October 2023 supported the Website SEO campaign that sometimes redirected to the Penzu online diary-hosting service.

"As Murphy's Law suggests, if something can be exploited by malware developers, it inevitably will be, so we expect that these campaigns can be found in more repositories than just Docker Hub," said JFrog Senior Director of Security Research Shachar Menashe.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.